EOL site - the last few days

[Kopaka]

First of all, there will be a short downtime for EOL site and game tonight for about 1 hour between 4:00 and 6:00 EEST, as the OS on the host machine is getting upgraded.

Secondly the daily lag spike is now a thing of the past. The backup of database that caused the lag has been turned off. So the previous note about not playing seriously between 15:30 and 16:30 EEST is no longer in effect.

Lastly I wanted to tell abit about what has happened on the site the last few days since friday, before rumours run wild. Friday player nick names started changing to seemingly random values. They where slowly changing one by one. I took the site offline as soon as I was notified, which stopped the changing. Being unable to find the exact cause at first, I put the site back online with the settings page offline as this is where nick changes could take place, and a faulty or unsecure script here could be the cause. I had a backup which was a couple hours old, so I could use this to restore the nick names.

A couple days later, after wcup had started, the uploaded replays started to change between shared and unshared seemingly by themselves. It should here be noted that when replays are shared they are only shared within the players teams, not with the public at large. I took the whole site down once again while I investigated the issue. This time I found the actions in some of the different logs I have and was able to identify the exact problem as jquery related url manipulation aswell as the user behind the "attack".

This is an issue that exists with a lot of the existing jquery on the website. So I started fixing this. Firstly the home page and cup page so that I could put these back online and people could upload world cup replays again. A lot of the other pages is still offline and it seems unlikely to get these fixed this week, as I have other obligations.

This type of attack is a relative simple one, and possible because javascript is client side. So you can see what it does. But it's also easy to fix the security hole, I just have to add some extra checks every place there is javascript, which is a lot of places, so it takes a while. So yes this could happen because I made a blunder in the coding of the website, but it's just one of those things that's bound to happen in a voluntarily driven community such as this when there exists people like you know who. I am not an expert in really any of the technical aspects of making and running a site and server such as this, and doing proper testing with the little amount of people and resources we have is next to impossible. And the person behind the attack, whose name I won't taint this text with, choose to not report an issue he saw, but rather exploit it as much as he could, and actually took the time to sit and make hundreds of requests one by one, to mess up as much as he could. And this is by no means the first thing he has done to try and ruin the elma experience for everyone. Not only that he choose to wait untill the worst possible time, just before World Cup started. Much like doping revelations that are stalled untill the Tour De France for maximum exposure. Some people just want to see the world burn..

Anyway before I get lost in making references, I just wanted to be honest about what has happened, and let you know that things are all good now, the rest of the pages will come back during next week and some people never change.

[culinko]

was it berh?

[Kopaka]

was it berh?

yup

[pawq]

Who else could it be? :/

Thanks for the feedback Kopa, appreciated! And, of course, thanks a million for all the time you sacrifice to running the website! :)

[Lukazz]

what else can i say, but:

lol dudes you really watch these movies? and what? why are you doing it? somebody tells you the title and what? you download it and watch or go to the cinema? you're really sick really really i wouldn't even touch this

[abruzzi]

I was just checking the holes to report them, then I could reach all times and recs and that was just too interesting, so wanted to post everything right after the 1st event would end. I suck horribly, sorry.

[sleap]

I was just checking the holes to report them, then I could reach all times and recs and that was just too interesting, so wanted to post everything right after the 1st event would end. I suck horribly, sorry.

Apology not taken. Think befor you move.

[Igge]

You have absolutely no reason to apologize Kopaka. The time and effort you've put into this game and it's scene is to me unparallelled by anyone. The fact that you apologize for something that was entirely someone else's fault shows even more how selfless and considerate you are. You may not have the best taste in music, but to me you're nothing short of a role model. Always open and helpful, and like you showed above you always care more about others than yourself. The world could really use a couple of more Kopakas.

Let's not turn this in to a berh-bashing topic. We don't need another one of those. Clearly he's just doing this to get such attention anyway, so doing so would only play into his hands. I'd rather see this become a kopaka appreciation topic, because this guy doesn't get nearly the credit he deserves.

To kopaka

[Grace]

<3 Kopa

>:( berh

[Labs]

You have absolutely no reason to apologize Kopaka. The time and effort you've put into this game and it's scene is to me unparallelled by anyone. The fact that you apologize for something that was entirely someone else's fault shows even more how selfless and considerate you are. You may not have the best taste in music, but to me you're nothing short of a role model. Always open and helpful, and like you showed above you always care more about others than yourself. The world could really use a couple of more Kopakas.

Let's not turn this in to a berh-bashing topic. We don't need another one of those. Clearly he's just doing this to get such attention anyway, so doing so would only play into his hands. I'd rather see this become a kopaka appreciation topic, because this guy doesn't get nearly the credit he deserves.

To kopaka

+1

Kopa for president!

[Tigro]

Thanks Kopaka, ur a hero! Heroes chase those bad-asses.

[BlaZtek]

Kopaka <3

[Mawane]

are the Battles and Setting pages offline because of that?

[BlaZtek]

ofc, thats just what he said

[Kopaka]

Little update. Last page, settings, is now back online. Also it seems a bunch of emails, themes and page layout saves have been deleted in the "attack", so make sure to go and put your email back in on http://elmaonline.net/settings